Topology
Proxmox -- vmbr0 -- enp2s0 -- rb5009ug (eth2) -- internet (eth1)
LAN network 192.168.100.0/24
PVE IP 192.168.100.2
vmbr0 is the network bridge for VMs and CTs.
I want to create a new network (192.168.200.0/24), i.e. a new bridge for a server or servers that will be isolated from 192.168.100.0/24.
I don't know whether it's the best option, but it will probably be ideal to use a VLAN (both MK ROS7 and PVE 9 support it).
So on the MK
/interface vlan add name=vlan200_dmz interface=bridge1 vlan-id=200 comment="DMZ VLAN"
/ip address add address=192.168.200.1/24 interface=vlan200_dmz comment="DMZ network"
/ip firewall nat add chain=srcnat out-interface=pppoe-out1 src-address=192.168.200.0/24 action=masquerade comment="DMZ internet access"
/ip firewall filter add chain=forward src-address=192.168.200.0/24 dst-address=192.168.100.0/24 action=drop comment="Block DMZ -> LAN"
That should be enough for a start.
PVE
I'm adding to /etc/network/interfaces
auto vmbr200
iface vmbr200 inet manual
        bridge-ports enp2s0.200
        bridge-stp off
        bridge-fd 0
The only problem is that I'm geographically far from the PVE and the network on the Proxmox went down after a reboot (the odd thing is that the LXCs and VMs keep running without problems).
Can you give me a nudge as to whether I'm heading in the right direction and where I'm making a mistake?
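
Added example (not part of the original post and not the poster's code): a small Python model of which RouterOS filter chain a packet from the DMZ traverses, showing what the single forward-chain drop rule above does and does not cover. The router's LAN address 192.168.100.1 and the DMZ host 192.168.200.10 are assumptions, and only the rule from the post is modelled, not any other rules the real router may have.

```python
import ipaddress

DMZ = ipaddress.ip_network("192.168.200.0/24")   # from the post
LAN = ipaddress.ip_network("192.168.100.0/24")   # from the post

# Router's own addresses: 192.168.200.1 is from the post,
# 192.168.100.1 is an ASSUMED LAN-side address.
ROUTER_ADDRS = {ipaddress.ip_address("192.168.200.1"),
                ipaddress.ip_address("192.168.100.1")}

# Rules in evaluation order: (chain, src network, dst network, action).
POSTED_RULES = [("forward", DMZ, LAN, "drop")]
# Hypothetical variant that also covers traffic addressed to the router itself.
WITH_INPUT_RULE = POSTED_RULES + [("input", DMZ, LAN, "drop")]


def chain_for(dst):
    """Packets addressed to the router go through input, routed packets through forward."""
    return "input" if ipaddress.ip_address(dst) in ROUTER_ADDRS else "forward"


def verdict(src, dst, rules=POSTED_RULES, default="accept"):
    """First matching rule in the packet's chain decides; no match means accept."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    chain = chain_for(dst)
    for r_chain, r_src, r_dst, action in rules:
        if r_chain == chain and s in r_src and d in r_dst:
            return chain, action
    return chain, default


def audit(src, dsts, rules=POSTED_RULES):
    """Map each destination to (chain, action) for traffic from src."""
    return {dst: verdict(src, dst, rules) for dst in dsts}


if __name__ == "__main__":
    dmz_host = "192.168.200.10"  # constructed sample DMZ host
    targets = ["192.168.100.2",  # PVE address from the post
               "192.168.100.1",  # assumed router LAN address
               "203.0.113.5"]    # constructed internet address
    for name, rules in (("posted", POSTED_RULES), ("with input rule", WITH_INPUT_RULE)):
        for dst, (chain, action) in audit(dmz_host, targets, rules).items():
            print(f"{name:16} {dmz_host} -> {dst:14} chain={chain:8} {action}")
```

In this model, DMZ traffic addressed to the router's own LAN address is handled by the input chain, so the forward rule alone does not decide it; whether it is actually accepted depends on the input rules present on the router.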